entrypoint.sh

#!/usr/bin/env bash

# borrowed from https://github.com/wazum/openconnect-proxy
# this implementation takes a different approach on issue https://github.com/wazum/openconnect-proxy/issues/8
run () {
  # Start openconnect
  if [[ -z "${OPENCONNECT_PASSWORD}" ]]; then
    # Ask for password
    openconnect -u "$OPENCONNECT_USER" --script-tun --script="ocproxy -g -D 1080" $OPENCONNECT_OPTIONS $OPENCONNECT_URL
  elif [[ ! -z "${OPENCONNECT_PASSWORD}" ]] && [[ ! -z "${OPENCONNECT_MFA_CODE}" ]]; then
    # Multi factor authentication (MFA)
    (echo $OPENCONNECT_PASSWORD; echo $OPENCONNECT_MFA_CODE) | openconnect -u "$OPENCONNECT_USER" --passwd-on-stdin --script-tun --script="ocproxy -g -D 1080" $OPENCONNECT_OPTIONS $OPENCONNECT_URL
  elif [[ ! -z "${OPENCONNECT_PASSWORD}" ]]; then
    # Standard authentication
    echo $OPENCONNECT_PASSWORD | openconnect -u "$OPENCONNECT_USER" --passwd-on-stdin --script-tun --script="ocproxy -g -D 1080" $OPENCONNECT_OPTIONS $OPENCONNECT_URL
  fi
}

until (run); do
  echo "openconnect exited. Restarting process in 60 seconds…" >&2
  sleep 60
done